Category FILE
Started On 2014-07-08 03:41:08
Completed On 2014-07-08 03:43:04
Duration 116 seconds
Cuckoo Version 1.2-dev

Machine machine4
Label xpmachine4
Manager VirtualBox
Started On 2014-07-08 03:41:08
Shutdown On 2014-07-08 03:43:04

File Details

File name report_id_875893475983475934759384.exe
File size 63488 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 07A9BC04
MD5 893fa85916ba510ef7d4e4c89373b41f
SHA1 82fb8e72bf29c2f0cfe9d52b483b4227482fa88b
SHA256 d72955a0da795acad8cda428f02caff3fd20ff8d162716e7c2c992a867b1e868
SHA512 501fbc8bb1ad4bb921f0a5ff645572459328d1a62a34e5972b97761386e6a2dfafd9e6735d29b5f6cce485426bd00b2186088e3a77f40f6a614ea0696599beb6
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

Signatures

Installs itself for autorun at Windows startup

Static Analysis

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\WINDOWS\system32\duser.dll
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\report_id_875893475983475934759384.exe
  • C:\
Mutexes Nothing to display.
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes

report_id_875893475983475934759384.exe PID: 588, Parent PID: 300

Volatility

Nothing to display.